-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address --
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed after SIX (6) MONTHS from the mailing date of this communication.

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )E2 Responsive to communication(s) filed on 75 September 2000 . 
2a)D This action is FINAL. 2b)H This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.
Disposition of Claims 

4) 13 Claim(s) 1-42 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) I3 Claim(s) 1-42 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) H The specification is objected to by the Examiner. 

10) 13 The drawing(s) filed on 15 September 2000 is/are: a)(3 accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).

11) D The proposed drawing correction filed on is: a) D approved b) D disapproved by the Examiner.

If approved, corrected drawings are required in reply to this Office action. 

12) Q The oath or declaration is objected to by the Examiner. 
Priority under 35 U.S.C. §§119 and 120 

13) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 

a) D All b) D Some* c) D None of:

1 Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. Q Copies of the certified copies of the priority documents have been received in this National Stage application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received. 

14) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 119(e) (to a provisional application).

a) □ The translation of the foreign language provisional application has been received. 

15) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121.

DETAILED ACTION

1. Pursuant to USC 131, claims 1-42 are presented for examination.

Specification 

2. The disclosure is objected to because of the following informalities: on page 4, line 25, 
the phrase "can be sure of is the" should be revised. Also, on page 17, line 2, there is a repetition 
of the word "that". Appropriate correction is required. 

2.1 The abstract of the disclosure is objected to because of the typographic error on page 38,
line 18 on the word "server". 

Claim Objections 

3. Claims 1, 31, 34, 34, and 40 are objected to for lack of indentation of limitation. See
MPEP § 608.01(m). Appropriate correction is required.



Claim Rejections - 35 USC § 112 

4. The following is a quotation of the second paragraph of 35 U.S.C 112: 

The specification shall conclude with one or more claims particularly pointing out and 
distinctly claiming the subject matter, which the applicant regards as his invention.

Claims 10-14, 16, 17, 22, 28, 29, 30, 34, and 39 and the intervening claims are rejected
under 35 U.S.C 112, second paragraph, as being indefinite for failing to particularly point out
and distinctly claim the subject matter which applicant regards as the invention.

4.1 Claims 11-14, 17, 22, 28, and 30 recite the limitation "said current co-server state and
said inputs". There is insufficient antecedent basis for this limitation in the claim. Claim 30
also recites a read interaction and write interaction. There is insufficient antecedent basis for this
limitation in the specification.
Claims 10 and 16 recite the limitation "said current co-server state". There is 
insufficient antecedent basis for this limitation in the claim. 

Claim 17 and the intervening claims recite the limitation "the decryption of input from
said client". There is insufficient antecedent basis for this limitation in the claim. Claim 17 also
recites "the" server input. There is insufficient antecedent basis for this limitation in the claim.

Regarding claims 10, 16, 29, 34, and 39, the phrase "such as" renders the claim 
indefinite because it is unclear whether the limitations following the phrase are part of the 
claimed invention. See MPEP § 2173.05(d). Claim 30 also recites "the output returned to 
client". There is insufficient antecedent basis for this limitation in the claim. 



Claim Rejections - 35 USC § 103

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject matter 
sought to be patented and the prior art are such that the subject matter as a whole would have 
been obvious at the time the invention was made to a person having ordinary skill in the art to 
which said subject matter pertains. Patentability shall not be negatived by the manner in which 
the invention was made. 

5.1 Claims 1- are rejected under 35 U.S.C 103(a) as being unpatentable over US Patent
6,453,296 to Iwamura in view of Non-Patent Literature: Wilhelm, U., et al. "Introducing
Trusted Third Parties to the Mobile Agent Paradigm" Institute pour les Communications
informatiques et leurs Applications, Ecole Polytechnique Fédérale de Lausanne, 1015 Lausanne,
Switzerland, Pages 1-21.

5.2 As per claims 1, 2, 4, 7, 31, 33, 34, 35, 37, 38, 40, and 41, Iwamura substantially
teaches a method, comprised of enhancing a computational service to each client of a plurality of 
clients, by: moving a selected portion of a computation from a server into a trusted co-server; 
and allowing each client to interact with the server and the co-server, for example (see column 4, 
lines 21-52 and column 9, lines 20-67). Iwamura further teaches multiple parties interaction 
(see column 3, lines 45-67). Iwamura does not explicitly disclose the trusted co-server 
executing inside a secure coprocessor. Secure coprocessors are well known in the art for
providing tamper resistant hardware protection. Wilhelm et al. in an analogous art teaches
moving computation from a server into a trusted co-server controlled by an operator, executing
inside a secure coprocessor to provide a trustworthy environment, for example (see sections 5-6).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention
was made to modify the method of Iwamura to move a selected portion of a computation from a
server into a trusted co-server in order to provide a trustworthy environment as taught by
Wilhelm et al. This modification would have been obvious because one skilled in the art
would have been motivated by the suggestions provided by Wilhelm et al. so as to provide a
trustworthy environment. 

As per claims 3, 5, 39, and 42, Iwamura discloses the limitation of wherein said step of 
allowing includes enabling said client an authenticated, private channel to said co-server, for 
example (see column 3, line 45 through column 4, line 52). Iwamura discloses the client 
authenticates the co-server, the client sends its input to the co-server over a private channel, such 
as one established by encryption with a shared secret key, the co-server sends its output to said 
another party over a private channel, such as one established by encryption with a shared secret 
key, for example (see columns 10-11 and summary). 

As per claims 8 and 9, Iwamura discloses the limitation of wherein said step of 
enhancing includes providing a desired security and/or privacy property, wherein said step of 
enhancing includes providing at least one security and/or privacy property to an application 
selected from the group including: authentication of clients, nonrepudiation of client activity,
nonrepudiation of server activity, credit card transaction security, taxes on e-commerce activity,
re-selling of intellectual property, privacy of sensitive or proprietary web activity, correctness of 
web activity, enforcement of logo and/or "seal of approval" licenses, safety of downloadable 
content, authenticity of downloadable content, integrity of server machine, and any combination 
of these, for example (see column 1, line 40 through column 3, line 15; and column 3, line 45 
through column 4, line 52). 

As per claims 10-12, Iwamura discloses co-server algorithm that generates output that 
includes a signed statement using a private key known to the co-server and discloses 
authenticating both the client and the server, for example (see columns 9-10). Wilhelm et al.
discloses generating output based on current agent state that meets the recitation of wherein input 
from said client is prompt from server for the user's private authenticator data, such as a 
password, input from said server is this authentication data, co-server algorithm, that generates 
output to said client based on said current co-server state and said inputs indicates whether or not 
the authenticator data is correct for this user, and generates output to said client based on said 
current co-server state and said inputs includes a signed statement, using a privacy key known to 
the co-server, attesting, for the client, that the server engaged in an interaction satisfying certain 
properties, for example (see sections 2.1 and 4.3). Therefore, these claims are rejected on the 
same rejection as claim 1.

As per claims 13-16, Iwamura discloses the limitation of wherein: the client's input 
includes a credit card number (CCN), the output co-server algorithm that generates output to said
client based on said current co-server state and said inputs includes the CCN, encrypted so that
the server cannot read it but an acquirer can and wherein the server includes a transaction 
amount, the output co-server algorithm that generates output to said client based on said current 
co-server state and said inputs includes the transaction amount, cryptographically bound to the 
encrypted CCN so that the server cannot alter it, for example (see column 9, line 21 through 
column 10). Iwamura further discloses protecting the client personal information and the server 
information using cryptography and time stamping so that data can be transmitted to the acquirer 
in such a manner so that the acquirer can receive this transaction exactly once, for example (see 
column 10, line 50 through column 11 and column 12, lines 15-51). Wilhelm et al. also
discloses generating output to said client based on said current co-server state and said inputs 
includes the transaction amount, cryptographically bound to the encrypted CCN so that the 
server cannot alter it encrypting information. Therefore, these claims are rejected on the same 
rejection as claim 1.

As per claims 17 and 20, Iwamura discloses a remote party is an owner of intellectual 
property, the server input includes part of this property and generating output that includes 
portion of input from said client that the limitation of where: a remote party is an owner of 
intellectual property, the server input includes part of this property, encrypted so that only the 
co-server can decrypt it, the output function co-server algorithm that generates output to said 
client based on said current co-server state and said inputs to the client includes a portion of the 
decryption of input from said client, for example (see columns 9-12). For instance, column 11, 
lines 30 et seq. discloses an example of output to client that includes unencrypted portion and
encrypted information. Column 10 shows a portion of decryption of input that is re-encrypted.
Wilhelm et al. discloses the limitation of except the output function now includes a portion of
the decryption of input from said server, re-encrypted, possibly with rights management rules, in
a manner that a secure coprocessor at the client site can decrypt it, for example (see sections
5.1-5.2). Therefore, these claims are rejected on the same rejection as claim 1.

Claims 18-19 recite similar limitations as claims 13-16 except for generating a
transformation using a watermark or reducing the quality of plaintext. Such method of hiding 
information is well known in the art. Using such method does not depart from the spirit and 
scope of the invention disclosed by the above references. 

As per claim 21, Iwamura discloses the limitation of wherein: the client input includes a 
choice of which record R in a set of records the client would like to receive, the co-server 
includes this record R in its response to the client, however, the co-server obtains R in such a 
way as the server does not know which record was the one selected, for example (see column 10, 
lines 39-67 and column 11). 

As per claims 22 and 28, Iwamura discloses the limitation of wherein: a remote party 
establishes a content evaluation scheme, consisting of an evaluation function mapping content to 
some set of indicators, and as part of computing the client output function co-server algorithm 
that generates output to said client based on said current co-server state and said inputs, the 
co-server calculates, or verifies an external calculation, of the evaluation function and includes
the result in the client output, for example (see columns 10-11). Iwamura discloses verifying a
charge and includes the result in client output. See also columns 8-9 for interaction between the 
devices. 

As per claim 23, Iwamura discloses the limitation of where the evaluation function 
consists of determining whether specified server input from specified server merits a logo or seal 
of approval, in accordance with a business arrangement between the server and the remote party, 
for example (see column 9, lines 20 et seq.). 

As per claim 26, Iwamura discloses the limitation of using a secure channel and 
protecting user information and details of the transaction that meets the recitation of where party 
the remote party has injected evaluation function and/or some of its parameters into the co-server 
through a private channel, so that the server cannot know the details of the evaluation function 
execution occurring on the co-server, for example (see column 8, lines 20-45). 

As per claim 27, Iwamura discloses the limitation of where the server input includes 
both content and a signature on the content, from one of possibly many content providers, and 
the evaluation function includes testing whether the signature is valid, for example (see column 
8, lines 50 et seq.). 

As per claims 29, 32, and 36, Wilhelm et al. discloses security actions against another
server that meets the recitation of where: the co-server has the ability to carry out
security-enhancing actions against the server, such as booting the server and securely or carrying
out a security scan of the server, the output returned to client indicates which of these actions
have been carried out, and how recently, for example (see sections 4.2 and section 6). It is
apparent to one skilled in the art that the limitation in this claim does not depart from the spirit
and scope of the disclosure of Wilhelm et al. Therefore claims 29 and 32 are rejected on the
same rationale as the rejection of claim 1.

As per claim 30, Iwamura discloses the limitation of where the client input includes a 
message and a specification of the appropriate entities who can read the message, for example 
(see columns 10-12). The limitation of encrypted the output based on client input to prevent data 
from being read is disclosed by both references as discussed above. The verifying step of 
message from the client by the server is also disclosed above. Therefore, Iwamura substantially 
discloses the limitation of where: the client can specify whether the interaction is a read 
interaction or a write interaction; for a write interaction: the client input includes a message M 
and a specification S of the appropriate entities who can read this message; the co-server retains 
M and S by storing them in some combination across the co-server and server via an algorithm 
that generates new co-server state based on said current co-server state and said inputs, the 
internal state in the co-server and co-server algorithm that generates output to said server based 
on said current co-server state and said inputs; however in said write interaction: any portion of 
M sent via co-server algorithm that generates output to said server based on said current 
co-server state and said inputs is encrypted, so that the server cannot access the plaintext; and 
mechanisms are used to ensure that, when the co-server later retrieves any of this data from the
server, that the data has not been changed; for a read interaction: the client input specifies which
message M the client would like to read, the co-server retrieves S, if the client satisfies S, then 
the co-server sends M back to the client, after first retrieving and decrypting it, if necessary, for 
example (see columns 10-12). 

6. Claims 6, 24, and 25 are rejected under 35 U.S.C 103(a) as being unpatentable over US
Patent 6,453,296 to Iwamura in view of Non-Patent Literature: Wilhelm, U., et al.
"Introducing Trusted Third Parties to the Mobile Agent Paradigm" Institute pour les
Communications informatiques et leurs Applications, Ecole Polytechnique Fédérale de
Lausanne, 1015 Lausanne, Switzerland, Pages 1-21 as applied to claims 1-19 above, and further
in view of US Patent 6,714,982 to McDonough et al.

As per claims 6, 24-25, both references substantially teach the claimed method of
claim 1. Wilhelm et al. also discloses preventing malicious service. Scanning message for virus
before transmission is well known in the art and does not depart from the spirit and scope of the
disclosure of Wilhelm et al. Claim 22 is rejected on the same rationale as the rejection as
claim 1. McDonough et al. in an analogous art teaches determining whether input which has
potentially executable content is free of viruses, for example (see column 4, lines 45-55) in order
to provide additional security. McDonough et al. also discloses where the evaluation function is
parameterized by a "signature file" and where the client output includes an identification of
which signature file was used in this interaction, for example (see column 4, lines 31 et seq.).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention
was made to modify the method as combined above to determine whether server input which has
potentially executable content is free of viruses in order to provide additional security as taught
by McDonough et al. This modification would have been obvious because one skilled in the art
would have been motivated by the suggestions provided by McDonough et al. in order to
provide additional security.



Conclusion 

7. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure as the art discloses the use of co-servers and secured commercial transaction. Many 
of the claimed features are disclosed in these references. 

US Patents: 5,848,161 Luneau et al. 

5,990,199 Krajewski, Jr. et al. 

6,202,157 Brownlie et al. 

US Patent Publication US 2002/0111997 Herlihy



7.1 Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Carl Colin whose telephone number is 703-305-0355. The 
examiner can normally be reached on Monday through Thursday, 8:00-6:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 703-305-9648. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306.

Any inquiry of a general nature or relating to the status of this application or proceeding
should be directed to the receptionist whose telephone number is 703-305-3900. 



Carl Colin
Patent Examiner
August 31, 2004

AYAZ SHEIKH
SUPERVISORY PATENT EXAMINER
TECHNOLOGY CENTER 2100



